Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/8cdbc5-9365-4a0c-b9a3-ae7746f09630/1/ZRiFSjtXOAKqBfZiD1CfWqb9XYI.roa
File:                     ZRiFSjtXOAKqBfZiD1CfWqb9XYI.roa (raw, json)
Hash identifier:          vZpGVCSS1u2B3W0d1kbCilfeYeklaHXA0Ycxc4pH+Jg=
Subject key identifier:   65:18:85:4A:3B:57:38:02:AA:05:F6:62:0F:50:9F:5A:A6:FD:5D:82
Certificate issuer:       /CN=bdfa3af839aa1dce758f489e2d31ae22092fc99a
Certificate serial:       018CCA286CA1564206B2572FDFF7029E2212
Authority key identifier: BD:FA:3A:F8:39:AA:1D:CE:75:8F:48:9E:2D:31:AE:22:09:2F:C9:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vfo6-DmqHc51j0ieLTGuIgkvyZo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/8cdbc5-9365-4a0c-b9a3-ae7746f09630/1/ZRiFSjtXOAKqBfZiD1CfWqb9XYI.roa
Signing time:             Tue 02 Jan 2024 12:31:35 +0000
ROA not before:           Tue 02 Jan 2024 12:31:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28704
IP address blocks:        91.190.208.0/24 maxlen: 24
                          193.243.136.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/8cdbc5-9365-4a0c-b9a3-ae7746f09630/1/vfo6-DmqHc51j0ieLTGuIgkvyZo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/8cdbc5-9365-4a0c-b9a3-ae7746f09630/1/vfo6-DmqHc51j0ieLTGuIgkvyZo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vfo6-DmqHc51j0ieLTGuIgkvyZo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:28:6c:a1:56:42:06:b2:57:2f:df:f7:02:9e:22:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bdfa3af839aa1dce758f489e2d31ae22092fc99a
        Validity
            Not Before: Jan  2 12:31:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6518854a3b573802aa05f6620f509f5aa6fd5d82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:4e:e2:5f:83:81:a3:37:9d:8e:ab:7c:5e:db:
                    6b:75:86:b5:e4:0c:2a:09:d9:66:4c:9b:47:f8:a3:
                    1c:6a:70:dc:2e:09:b5:b2:6e:22:94:f9:e1:a8:07:
                    c1:71:91:a9:87:36:6c:8f:20:58:2b:6c:a7:be:3d:
                    da:eb:17:63:f8:37:de:43:4c:0b:78:3e:4f:42:6b:
                    0a:a1:06:47:aa:59:0d:d4:28:49:c8:59:73:2b:8b:
                    cc:5c:59:e5:aa:24:ce:9f:c9:ee:a4:c3:91:a8:ad:
                    d2:0b:6f:a5:07:72:f4:86:f3:5a:24:bf:bc:ae:ca:
                    a9:97:65:63:6f:6c:e8:97:5b:cc:87:43:10:fb:1d:
                    c1:00:cd:00:b9:d4:d9:0b:be:35:0f:52:4a:4c:42:
                    55:c5:c9:7a:6c:2a:84:78:f1:67:cb:79:67:e2:2f:
                    34:1a:da:eb:6a:46:12:4b:c1:65:99:0c:48:18:4d:
                    e6:ec:a1:04:83:ee:31:7f:45:a8:5a:7a:65:84:ad:
                    68:63:92:7e:cd:12:d9:f6:06:a0:59:5e:9c:0f:a8:
                    8e:71:5a:0d:c8:96:51:1c:3d:8c:73:96:11:fe:1b:
                    b5:fd:35:96:68:00:aa:5d:a4:8f:24:e7:cd:b6:6b:
                    c2:24:fa:70:95:61:3b:e7:18:6d:31:8e:b9:d2:1b:
                    9a:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:18:85:4A:3B:57:38:02:AA:05:F6:62:0F:50:9F:5A:A6:FD:5D:82
            X509v3 Authority Key Identifier:
                keyid:BD:FA:3A:F8:39:AA:1D:CE:75:8F:48:9E:2D:31:AE:22:09:2F:C9:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vfo6-DmqHc51j0ieLTGuIgkvyZo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/8cdbc5-9365-4a0c-b9a3-ae7746f09630/1/ZRiFSjtXOAKqBfZiD1CfWqb9XYI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/8cdbc5-9365-4a0c-b9a3-ae7746f09630/1/vfo6-DmqHc51j0ieLTGuIgkvyZo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.190.208.0/24
                  193.243.136.0/23

    Signature Algorithm: sha256WithRSAEncryption
         67:e0:09:c7:dd:97:59:f8:02:92:47:25:a1:09:fb:d1:5b:d7:
         f5:40:06:c7:40:b5:bb:d7:f2:e0:57:5d:e0:a7:e0:bb:58:ae:
         9c:2e:34:65:7b:1a:fe:a2:1e:4d:c2:32:79:36:7b:36:11:42:
         96:c1:cf:5a:00:f4:f6:7c:3c:76:2a:bb:bd:15:71:5d:40:d3:
         64:7b:80:60:4d:f3:8a:ba:e7:3c:f4:eb:19:98:89:11:a8:82:
         c9:95:f6:73:56:ed:f7:e2:10:73:93:25:cf:11:4e:87:50:86:
         1d:87:32:8d:67:96:cf:79:a0:86:22:bc:d5:72:4b:03:47:0a:
         59:77:99:cf:3e:95:24:02:8c:7f:5d:0d:64:45:7c:ed:15:ab:
         de:b6:5c:92:b3:e5:54:b9:99:a4:7a:2a:70:13:3f:8d:a9:d3:
         92:e7:2f:b7:79:4e:17:e3:aa:90:e3:6f:6e:eb:40:2e:c1:54:
         8d:09:a3:c9:2b:3c:24:1f:fb:d7:34:5b:40:64:17:d9:89:6c:
         e8:e9:37:9c:47:cf:7d:46:a7:db:11:2c:8c:d2:33:c5:f5:25:
         f2:7f:42:52:72:6b:06:af:b1:9b:33:6d:45:99:43:18:96:27:
         4f:3d:db:37:79:f8:05:93:34:ab:48:36:c2:3f:22:48:5b:00:
         7e:06:98:ec
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKKGyhVkIGslcv3/cCniISMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkZmEzYWY4MzlhYTFkY2U3NThmNDg5ZTJkMzFhZTIyMDky
ZmM5OWEwHhcNMjQwMTAyMTIzMTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTE4ODU0YTNiNTczODAyYWEwNWY2NjIwZjUwOWY1YWE2ZmQ1ZDgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvE7iX4OBozedjqt8XttrdYa15Awq
CdlmTJtH+KMcanDcLgm1sm4ilPnhqAfBcZGphzZsjyBYK2ynvj3a6xdj+DfeQ0wL
eD5PQmsKoQZHqlkN1ChJyFlzK4vMXFnlqiTOn8nupMORqK3SC2+lB3L0hvNaJL+8
rsqpl2Vjb2zol1vMh0MQ+x3BAM0AudTZC741D1JKTEJVxcl6bCqEePFny3ln4i80
GtrrakYSS8FlmQxIGE3m7KEEg+4xf0WoWnplhK1oY5J+zRLZ9gagWV6cD6iOcVoN
yJZRHD2Mc5YR/hu1/TWWaACqXaSPJOfNtmvCJPpwlWE75xhtMY650huaKwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGUYhUo7VzgCqgX2Yg9Qn1qm/V2CMB8GA1UdIwQY
MBaAFL36Ovg5qh3OdY9Ini0xriIJL8maMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmZvNi1EbXFIYzUxajBpZUxUR3VJZ2t2eVpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC84Y2RiYzUtOTM2NS00YTBjLWI5YTMt
YWU3NzQ2ZjA5NjMwLzEvWlJpRlNqdFhPQUtxQmZaaUQxQ2ZXcWI5WFlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC84Y2RiYzUtOTM2NS00YTBjLWI5YTMtYWU3NzQ2ZjA5NjMw
LzEvdmZvNi1EbXFIYzUxajBpZUxUR3VJZ2t2eVpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW77QAwQB
wfOIMA0GCSqGSIb3DQEBCwUAA4IBAQBn4AnH3ZdZ+AKSRyWhCfvRW9f1QAbHQLW7
1/LgV13gp+C7WK6cLjRlexr+oh5NwjJ5Nns2EUKWwc9aAPT2fDx2Kru9FXFdQNNk
e4BgTfOKuuc89OsZmIkRqILJlfZzVu334hBzkyXPEU6HUIYdhzKNZ5bPeaCGIrzV
cksDRwpZd5nPPpUkAox/XQ1kRXztFavetlySs+VUuZmkeipwEz+NqdOS5y+3eU4X
46qQ429u60AuwVSNCaPJKzwkH/vXNFtAZBfZiWzo6TecR899RqfbESyM0jPF9SXy
f0JScmsGr7GbM21FmUMYlidPPds3efgFkzSrSDbCPyJIWwB+Bpjs
-----END CERTIFICATE-----